Hello. I'm trying to skip the API rate limits for requests made by an authenticated user with a particular role. The docs mention a "skip" Express middleware function that can be used, but I'm not sure how to get the user from the request object. Is there an example somewhere using the "skip" property?

I couldn't figure this out. I ended up with a somewhat dumb solution passing a secret as a header

  rateLimit: {
    trustProxy: true,
    skip: ({ headers }) => {
      return typeof headers['x-api-key'] !== undefined && headers['x-api-key'] === process.env.PAYLOAD_ADMIN_API_KEY;

    }
  },

notchr2 years ago
@583007768311758886
I believe that the user should be available on the req object in express (as long as payload.authenticate() is called)
```
    skip: (request, response) => {
          console.log(request.user)
          return false // no requests skipped by default
        }
```
Actually, not sure you need
payload.authenticate()
before this, but IIRC that tells express to check the session
__scooba__last month
I'm on Payload version 2.30.3 and
request.user
is always undefined in the skip function

The authentication middleware gets called way after the rateLimit one, so user wouldn't be available yet.

https://github.com/payloadcms/payload/blob/v2.32.2/packages/payload/src/express/middleware/index.ts#L40-L62

Open

Continue the discussion in Discord

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.